← Back to team overview

touch-packages team mailing list archive

[Bug 1288777] Re: Qt bearer thread requires otherwise unneeded internet access

 

I get his log when running it with Qt 5.3:

type=AVC msg=audit(1414555047.145:83): apparmor="DENIED" operation="create" profile="com.ubuntu.developer.jdstrand.permy_permy_0.7" pid=3682 comm="qmlscene" family="netlink" sock_type="raw" protocol=0
type=AVC msg=audit(1414555047.155:84): apparmor="DENIED" operation="create" profile="com.ubuntu.developer.jdstrand.permy_permy_0.7" pid=3727 comm=517420626561726572207468726561 family="netlink" sock_type="raw" protocol=0

I don't think this comes from QtBearer which certainly does need
internet access, but from something to do with something in qmlscene
needing a socket.

Only QNAM and QtNetworkConfiguration stuff uses QtBearer. Qt's Sockets
doesn't use that.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1288777

Title:
  Qt bearer thread requires otherwise unneeded internet access

Status in “qtbase-opensource-src” package in Ubuntu:
  New

Bug description:
  When comparing Qt5.0 denials with Qt5.2 denials on test runs that popey did, it looks like Qt5.2 changed its behavior such that the Qt bearer thread requires otherwise unneeded internet access. Eg, 'permy' from the appstore does not (and should not) use the "networking" policy group. On 5.0, launching it causes no apparmor denials. On 5.2, it does:
  Feb 25 REDACT ubuntu-phablet kernel [REDACT] type=1400 audit(REDACT) apparmor="DENIED" operation="create" parent=NNNN profile="com.ubuntu.developer.jdstrand.permy_permy_0.5" pid=NNNN comm=517420626561726572207468726561 family="inet" sock_type="dgram" protocol=0

  Permy's source is at lp:permy. Note, one other application besides permy had similar denials:
  Feb 25 REDACT ubuntu-phablet kernel [REDACT] type=1400 audit(REDACT) apparmor="DENIED" operation="create" parent=NNNN profile="org.sambull.eo-dict_eo-dict_0.2" pid=NNNN comm=517420626561726572207468726561 family="inet" sock_type="dgram" protocol=0

  This may seem like it isn't important-- the apparmor policy doesn't
  say it is allowed to connect to the network and apparmor correctly
  blocks it. I don't know if the app is adversely affected though (these
  aren't my logs). It might be, and even if it isn't, the noisy denial
  will lead to confusion (we can't explicitly deny networking in its
  policy to silence the denial due to how apparmor policy works).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1288777/+subscriptions